acme.sh supports Cloudflares new token model, which allows fine-grained control over token permissions.
Reference: https://github.com/Neilpang/acme.sh/wiki/dnsapi#using-the-new-cloudflare-api-token
I'm a huge fan of the "least-privilege" principle, so I took it upon me to take a stab at implementing it into the os-acme-client Plugin.
Here's the result: https://github.com/Alphakilo/plugins/commit/3a4edf21bcb8cc25df9b7748cee6d88dadf5f98b (https://github.com/Alphakilo/plugins/commit/3a4edf21bcb8cc25df9b7748cee6d88dadf5f98b)
(//)
It works on my lab and my productive installations, though there are some issues where I'd like some feedback on.
- Are <help>-elements appropriate in the dialogValidation.xml? (https://github.com/Alphakilo/plugins/commit/3a4edf21bcb8cc25df9b7748cee6d88dadf5f98b#diff-b7bb21b1968b1e68df572e587acf6dbcR201)
- I can't get a proper control structure around this (https://github.com/Alphakilo/plugins/commit/3a4edf21bcb8cc25df9b7748cee6d88dadf5f98b#r35154089), any advice?
Cheers!